package com.ljm.commom.web.utils;


import com.ljm.common.excuption.BaseException;
import org.apache.commons.lang3.StringUtils;

import java.util.Locale;

/**
 * @author: ChenHuaMing
 * @Date: 2019/11/18 16:23
 * @Description: sql注入检查
 */
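public class SqlFilterUtil {
    private SqlFilterUtil(){}

    /**
     * Substrings whose presence causes the input to be rejected. Built once
     * instead of on every call.
     * NOTE(review): "alert" is not a SQL keyword and is probably a typo for
     * "alter"; it is kept as written so existing behaviour does not change.
     * "or 1=1" is redundant with "1=1" but harmless.
     */
    private static final String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare", "alert",
            "create", "drop","1=1","or 1=1" };

    /**
     * Rejects a string that contains one of a fixed set of SQL keywords or
     * tautology fragments.
     * <p>
     * This is a coarse heuristic denylist, not a sanitiser: it does not return a
     * cleaned value (only a local copy is modified), it rejects ordinary text
     * that happens to contain a listed word (e.g. "Masters", "selected"), and it
     * is not a substitute for parameterised queries ({@code PreparedStatement})
     * in the data-access layer.
     *
     * @param str the string to check; {@code null} is treated as nothing to
     *            check and returns normally
     * @throws BaseException with code {@code 10001} if, after removing the
     *                       characters {@code ' " ; \} and lower-casing, the
     *                       string contains any listed keyword
     */
    public static void sqlInject(String str) {
        // Previously a null argument failed with a NullPointerException at
        // toLowerCase(); an absent value has nothing to inspect.
        if (str == null) {
            return;
        }
        // Strip ' " ; \ before matching so that e.g. "sel'ect" is still caught.
        // Lower-case with Locale.ROOT so the result does not depend on the JVM
        // default locale (Turkish i-dotting would otherwise turn "INSERT" into
        // a string that never matches "insert").
        String normalized = str.replace("'", "")
                .replace("\"", "")
                .replace(";", "")
                .replace("\\", "")
                .toLowerCase(Locale.ROOT);
        for (String keyword : KEYWORDS) {
            if (normalized.contains(keyword)) {
                throw new BaseException("10001","请不要使用非法字符");
            }
        }
    }
}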
